1- name : Qualif
1+ name : Setup
22on :
33 push :
44 branches :
88 - " master"
99 - " bitnami"
1010jobs :
11- qualif :
12- runs-on : ubuntu-latest
13- steps :
14- - name : Check out code
15- uses : actions/checkout@v1
16- - name : Lint
17- shell : bash
18- run : |
19- helm lint .
20- name : setup cluster
21- shell : bash
22- run : |
23- curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
24- chmod +x /tmp/kind
25- /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8
26- kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
27- kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
28- name : setup chaos mesh
29- shell : bash
30- run : |
31- curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh | bash -s -- --local kind
32- name : setup certs
33- shell : bash
34- run : |
35- openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout tls.key -out tls.crt -days 365
36- cp tls.crt ca.crt
37- kubectl create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
38- name : deploy openldap-stack-ha
39- shell : bash
40- run : |
41- cd "$GITHUB_WORKSPACE"
42- helm install openldap-stack-ha -f .bin/myval.yaml .
43- kubectl rollout status sts openldap-stack-ha
44- name : verify deployment
45- shell : bash
46- run : |
47- echo "test access to openldap database"
48- sudo apt-get install -y ldap-utils
49- sleep 10
50- LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org'
51- name : test phpldapadmin access
52- shell : bash
53- run : |
54- echo "test access to phpldapadmin"
55- echo "127.0.0.1 phpldapadmin.example ssl-ldap2.example" | sudo tee -a /etc/hosts
56- curl phpldapadmin.example:8080
57- name : test self service pwd access
58- shell : bash
59- run : |
60- echo "test access to ssp"
61- curl ssl-ldap2.example:8080
62- name : verify certs
63- shell : bash
64- run : |
65- echo "verify certificate"
66- echo | openssl s_client -showcerts -servername example.com -connect localhost:30636 2>/dev/null | openssl x509 -inform pem -noout -text > /tmp/test-cert.txt
67- if ! grep -q "CN = example.com" /tmp/test-cert.txt; then echo exit 1; fi
68- name : apply chaos tests
69- shell : bash
70- run : |
71- echo "test access to openldap database"
72- kubectl apply -f .bin/chaos.yaml
73- name : test write
74- shell : bash
75- run : |
76- echo "Write test to openldap database"
77- LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/user.ldif
78- LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
79- if ! grep "Einstein" /tmp/test-write.txt; then exit 1 ; fi
80- if ! grep "objectClass: ownCloud" /tmp/test-write.txt; then echo 'no ownCloud entry found'; fi
81- name : test memberOf
82- shell : bash
83- run : |
84- echo "MemberOf test to openldap database"
85- LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)" > /tmp/test-write.txt
86- if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 2 ]; then exit 1 ; fi
87- if ! grep -q "uid=test1,ou=People,dc=example,dc=org" /tmp/test-write.txt; then echo exit 1; fi
88- name : chaos tests
89- shell : bash
90- run : |
91- echo "test access to openldap database"
92- for i in {1..20}; do LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done
93- name : deploy openldap-stack-ha-single-node
94- shell : bash
95- run : |
96- helm delete openldap-stack-ha
97- cd "$GITHUB_WORKSPACE"
98- helm install openldap-stack-ha -n single --create-namespace -f .bin/singleNode.yaml .
99- kubectl rollout status sts openldap-stack-ha -n single
100- name : verify single node deployment
101- shell : bash
102- run : |
103- echo "test access to openldap database"
104- sudo apt-get install -y ldap-utils
105- LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=singlenode,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=singlenode,dc=org' > /tmp/test-single-node.txt
106- cat /tmp/test-single-node.txt
107- if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi
108- name : deploy openldap-stack-ha-disable-ldap-port
109- shell : bash
110- run : |
111- helm delete -n single openldap-stack-ha
112- cd "$GITHUB_WORKSPACE"
113- helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disableLdapPort.yaml .
114- kubectl -n no-ldap-port create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
115- kubectl -n no-ldap-port rollout status sts openldap-stack-ha -n no-ldap-port
116- name : verify no ldap port deployment
117- shell : bash
118- run : |
119- echo "test access to openldap database"
120- sudo apt-get install -y ldap-utils
121- echo "Write test to openldap database"
122- LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/simpleUser.ldif
123- LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
124- cat /tmp/test-write.txt
125- if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 3 ]; then exit 1 ; fi
126-
127-
128-
11+ call-ci-singlenode :
12+ uses : ./.github/workflows/tests/ci-singlenode.yml
13+ call-ci-other :
14+ uses : ./.github/workflows/tests/ci-other.yml
15+ call-ci-ha :
16+ uses : ./.github/workflows/tests/ci-ha.yml
0 commit comments